Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Google, Microsoft increase cash offered under bug bounty programs

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

March 6, 2017

We've learned today that Google and Microsoft have both sweetnened the cash offered under their bug bounty programs.

Google's increases are permanent, in recognition of what security program manager Josh Armour says is an environment in which “elevated security vulnerabilities have become a lot more difficult to identify over the years.”

Google is going to pay more to reflect the time it takes to find complex and sometimes obscure security holes in software.

Google's number one priority still remains remote code execution security flaws, which can now earn white hats up to US $31,337. Google's ceiling for payments used to be $20,000.

Finding a security flaw that permits “unrestricted file system or database access” can now result in $13,337 heading your way, up from $10,000.

For its part, Microsoft has also increased its payouts, but only for a period of 2 months and for a small handful of services.

The good news is that Microsoft has doubled its payouts for vulnerabilities that meet its criteria, namely any of the following:

  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Unauthorized cross-tenant data tampering
  • Insecure direct object references
  • Injection Vulnerabilities
  • Authentication Vulnerabilities
  • Server-side Code Execution
  • Privilege Escalation
  • Significant security misconfiguration
  • However, the bonus bounties apply only on the following platforms: portal.office.com, outlook.office365.com, outlook.office.com, *.outlook.com and outlook.com.

    For now, Microsoft didn't say why it has made the special offer for those domains, but clearly it feels they need to be given a thorough going-over. A simple reason could be that they just haven't attracted many bounty hunters.

    Another could be that they are running new code worthy of extra probing. The timing of the bloated bounty is also interesting, because as the start of May, we'll be very close to the launch of the Windows 10 Creators Update.

    That release will link with Office 365 Advanced Threat Protection. With $30,000 and more up for grabs, the incentive is clear.

    Source: Oregon's Federal Court.

    Sponsered ads:
    Read the latest IT news. Visit ItDirection.net. Updated several times daily.

    If you need reliability when it comes to SMTP servers, get the best, get Port 587.

    Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

    Share on Twitter.


    Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
    Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer